Quote:
Originally Posted by pan64
what is the goal (of an encryption) if you can boot the system without any manual input?
To make an encrypted disk you need to save your data, encrypt it and restore the content (as far as I know).
|
Perhaps a bit noob-ish from my side, so let me ask -
1. If TPM is on the system, as I understand it, it would hold the passphrase or key, which LUKS can possibly use to decrypt or allow access to disk, and a quiet boot?
2. As I understand the first step, at least in dm-crypt is to fill the filesystem with zeroes, which deletes whatever may be there on that filesystem. Is this step essential? And is there any other encryption utility which would not be required to do this, while still achieving reasonable levels of encryption and security?
Drive encryption with BitLocker does not delete data, but block-level encryption with LUKS does...I'm not sure what is the difference between the two.
If alternatives could be suggested, I am open to those as well...Essentially I am interested in encrypting certain partitions without deleting pre-existing data and a quiet boot.